From c7d72b564b9280126f0e92b5af1ec12048d8bf61 Mon Sep 17 00:00:00 2001
From: Mark Bolwell <mark.bollyuk@gmail.com>
Date: Wed, 17 May 2023 15:42:30 +0100
Subject: [PATCH] 4.1.3.6 command improvement

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
---
 tasks/section_4/cis_4.1.3.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/section_4/cis_4.1.3.x.yml b/tasks/section_4/cis_4.1.3.x.yml
index 922ea61..ec925bb 100644
--- a/tasks/section_4/cis_4.1.3.x.yml
+++ b/tasks/section_4/cis_4.1.3.x.yml
@@ -69,7 +69,7 @@
 - name: "4.1.3.6 | PATCH | Ensure use of privileged commands is collected"
   block:
       - name: "4.1.3.6 | PATCH | Ensure use of privileged commands is collected"
-        ansible.builtin.shell: for i in  $(df | grep '^/dev' | awk '{ print $NF }'); do find $i -xdev -type f -perm -4000 -o -type f -perm -2000 2>/dev/null; done
+        ansible.builtin.shell: for i in  $(df | grep '^/dev' | awk '{ print $NF }'); do find $i -xdev -type f -perm /6000 2>/dev/null; done
         changed_when: false
         failed_when: false
         check_mode: false